481 matches found
CVE-2025-24844
The CVE-2025-24844 entry involves OpenHarmony, affected in v5.0.3 and earlier. The root cause is a missing release of memory, leading to a local denial-of-service condition (availability impact), as described by multiple sources. Exploitation is local with low attack complexity and low privileges...
CVE-2025-24298 liteos_a has an UAF vulnerability
in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through use after free...
CVE-2025-27577 liteos_a has a race condition vulnerability
in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through race condition...
OpenHarmony 资源管理错误漏洞
OpenHarmony is a kind of Hongmeng operating system open source project of China OpenAtom OpenAtom Foundation. A resource management error vulnerability exists in OpenHarmony v5.0.3 and earlier versions, which originates from post-release reuse in tcb and could lead to the execution of arbitrary...
Huawei HarmonyOS和Huawei EMUI 安全漏洞
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scene distributed operating system based on a microkernel.Huawei EMUI is an emotional operating system developed by Huawei based on Android Android. Huawei HarmonyOS and EMUI suffer from an insufficient...
Huawei HarmonyOS 安全漏洞
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. An out-of-bounds write vulnerability exists in the Huawei HarmonyOS skia module, which can be exploited by an attacker to compromise confidentiality...
CVE-2024-35295
A vulnerability has been identified in Perfect Harmony GH180 All versions = V8.0 V8.3.3 with NXGPro+ controller manufactured between April 2020 to April 2025. The maintenance connection of affected devices fails to protect access to the device's control unit configuration. This could allow an...
CVE-2024-35295
A vulnerability has been identified in Perfect Harmony GH180 All versions = V8.0 V8.3.3 with NXGPro+ controller manufactured between April 2020 to April 2025. The maintenance connection of affected devices fails to protect access to the device's control unit configuration. This could allow an...
CVE-2024-35295
A vulnerability has been identified in Perfect Harmony GH180 All versions = V8.0 V8.3.3 with NXGPro+ controller manufactured between April 2020 to April 2025. The maintenance connection of affected devices fails to protect access to the device's control unit configuration. This could allow an...
CVE-2024-35295
A vulnerability has been identified in Perfect Harmony GH180 All versions = V8.0 V8.3.3 with NXGPro+ controller manufactured between April 2020 to April 2025. The maintenance connection of affected devices fails to protect access to the device's control unit configuration. This could allow an...
CVE-2024-35295
CVE-2024-35295 affects Perfect Harmony GH180 versions V8.0–V8.3.3 with the NXGPro+ controller (manufactured 2020–2025). The maintenance connection fails to protect access to the device configuration, enabling a physically proximate attacker with access to the maintenance port to perform arbitrary...
PT-2025-25183 · Unknown · Perfect Harmony Gh180
Name of the Vulnerable Software and Affected Versions: Perfect Harmony GH180 versions V8.0 through V8.3.3 Description: A security issue has been identified where the maintenance connection of affected devices does not protect access to the device's control unit configuration. This could allow an...
Siemens SINAMICS PERFECT HARMONY GH180 访问控制错误漏洞
The Siemens SINAMICS PERFECT HARMONY GH180 is a high-voltage AC inverter from Siemens Germany. An access control error vulnerability exists in the Siemens SINAMICS PERFECT HARMONY GH180 versions prior to V8.0 through V8.3.3, which stems from improper access control of the maintenance connection a...
CVE-2024-24912
A local privilege escalation vulnerability has been identified in Harmony Endpoint Security Client for Windows versions E88.10 and below. To exploit this vulnerability, an attacker must first obtain the ability to execute local privileged code on the target system...
CVE-2024-55956
In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory...
CVE-2024-50623
In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution...
CVE-2023-28134
Local attacker can escalate privileges on affected installations of Check Point Harmony Endpoint/ZoneAlarm Extreme Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...
CVE-2021-22704
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Harmony/HMI Products Configured by Vijeo Designer all versions prior to V6.2 SP11 , Vijeo Designer Basic all versions prior to V1.2, or EcoStruxure Machine Expert all versions prior to V2.0 that could...
CVE-2021-30359
The Harmony Browse and the SandBlast Agent for Browsers installers must have admin privileges to execute some steps during the installation. Because the MS Installer allows regular users to repair their installation, an attacker running an installer before 90.08.7405 can start the installation...
CVE-2021-37063
There is a Cryptographic Issues vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to read and delete images of Harmony devices...